
The APEC privacy framework envisages common principles such as Notice, Collection Limitation, Use Limitation, Access and Correction, Security/Safeguards, and Accountability. But it differs from the EU Data Protection Directive in which of the following aspects?

A.

APEC privacy framework does not deal with the usage of personal information

B.

APEC privacy framework does not mandate the binding treaties or directives for member countries

C.

APEC privacy framework does not have a provision for co-operation between privacy enforcement agencies of members

D.

APEC privacy framework does not deal with e-commerce

Which of the following categories of information are generally protected under privacy laws?

A.

Personally Identifiable Information (PII)

B.

Sensitive Personal Information (SPI)

C.

Trademark, copyright and patent information

D.

Organizations’ confidential business information

The Indian constitution does not expressly provide for the “right to privacy” to its citizens. However, various judicial pronouncements of the apex court finally established the “right to privacy” as a fundamental right subsumed under Article 21 of the constitution of India. Article 21 inter alia provides and protects the __________________.

A.

Right to Life and Personal liberty

B.

Right to Opportunity

C.

Right to Freedom of Speech and Expression

D.

Right to Equality before law

Under which of the following conditions can a company in India transfer sensitive personal information (SPI) to any other company or person in India, or located in any other country?

A.

Transfer of information is allowed to those who ensure the same level of data protection that is adhered to by the company as provided for under the Indian laws

B.

The transfer of information is allowed only after taking approval of Chief Information Commissioner of India

C.

The transfer of information is allowed only after taking approval of DeitY (Department of Electronics & Information Technology) in India

D.

The transfer may be allowed only if it is necessary for the performance of the lawful contract or where the data subject has consented to data transfer

Which of the following provides the legal basis for an Adjudicating Officer in every Indian state & union territory, with the powers of a civil court, to hear complaints and order compensation to the affected individuals?

A.

Indian Civil Code

B.

Indian Criminal Procedure Code

C.

Telecom Regulatory Authority of India (TRAI) Act

D.

Information Technology Act, 2000 & Information Technology (Amendment) Act, 2008

With respect to the ‘Data Minimization’ privacy principle, please select the correct statements from the following:

A.

Right to object by the data subject for minimizing the collection of personal information

B.

Data controllers should limit the amount of data collected to what is directly relevant and necessary to accomplish a specified purpose

C.

Data controllers should retain the data only for as long as is necessary to fulfil the purpose for which it was collected

D.

Process of analyzing and minimizing the collected data into useful information

XYZ is a successful startup that has acquired a respectable size & scale of operations in the last 3 years, handling business process services for small & medium scale enterprises, largely in the US & Europe. They are at the stage of closing a deal with a new banking client and working out the details of privacy-related obligations in the contract. Ensuring effective enforcement of which of the below-listed privacy principles is the client’s accountability, even after outsourcing its loan approval process to XYZ?

I. Notice

II. Choice and Consent

III. Collection Limitation

IV. Use Limitation

V. Access and Correction

VI. Security

VII. Disclosure to Third Party

Please select the correct set of principles from the options listed below:

A.

None of the above, since they are outsourcing the work to XYZ who will carry the liability going forward

B.

All except V and VI

C.

All except III

D.

All of the above listed privacy principles

After the rules were notified under section 43A of the IT (Amendment) Act, 2008, a clarification was issued by the government which exempted service providers that get access to or process Sensitive Personal Data or Information (SPDI) under a contractual agreement with a legal entity located within or outside India. Which privacy principle provisions notified under Sec 43A were exempted for the service providers?

A.

Consent

B.

Privacy policy (which is published)

C.

Access and Correction

D.

Disclosure of information

Select the element(s) of the APEC Cross Border Privacy Rules system from the following list:

i. self-assessment

ii. compliance review

iii. recognition/acceptance by APEC members

iv. dispute resolution and enforcement

Please select the correct option:

A.

i, ii and iii

B.

ii, iii, and iv

C.

i, iii and iv

D.

i, ii, iii and iv

A multinational company with operations in several parts within the EU and outside the EU carries out international transfers of data on both its employees and customers. In some of its EU branches, which are relatively larger in size, the organization has a works council. Most of the data transferred is personal, and some of the data that the organization collects is sensitive in nature, the processing of some of which is also outsourced to its branches in Asian countries.

For the outsourced work of its customers’ data processing, in order to initiate data transfer to another organization outside the EU, which is the most appropriate among the following?

A.

The vendor (data importer) in the third country, and not the exporter, is responsible for putting in place suitable model contractual clauses, and hence the exporter does not need to take any action.

B.

Since the data is processed by the vendor outside the EU, the EU directive does not apply and hence there are no legal concerns

C.

The data exporter needs to initiate model contractual clauses after obtaining approvals from the data protection commissioner and have the vendor be a signatory on the same as data importer

D.

The data importer needs to notify the data protection commissioner in the destination country about the transfer, and the exporter needs to similarly notify in the EU country of origin